Merge pull request RADAR-base#302 from RADAR-base/release-0.4.1

Release 0.4.1

build.gradle

@@ -32,7 +32,7 @@ plugins {
 allprojects {
     group 'org.radarcns'
 
-    version '0.4.0' // project version
+    version '0.4.1' // project version
 
     // The comment on the previous line is only there to identify the project version line easily
     // with a sed command, to auto-update the version number with the prepare-release-branch.sh

oauth-client-util/README.md

@@ -10,7 +10,7 @@ Quickstart:
 
 ```groovy
 dependencies {
-  compile group: 'org.radarcns', name: 'oauth-client-util', version: '0.4.0'
+  compile group: 'org.radarcns', name: 'oauth-client-util', version: '0.4.1'
 }
 ```
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "management-portal",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "Description for ManagementPortal",
   "private": true,
   "cacheDirectories": [

radar-auth/README.md

@@ -10,7 +10,7 @@ Add the dependency to your project.
 
 Gradle:
 ```groovy
-compile group: 'org.radarcns', name: 'radar-auth', version: '0.4.0'
+compile group: 'org.radarcns', name: 'radar-auth', version: '0.4.1'
 ```
 
 The library expects the identity server configuration in a file called `radar-is.yml`. Either set 

radar-auth/src/main/java/org/radarcns/auth/authentication/TokenValidator.java

@@ -5,6 +5,7 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
+import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -27,7 +28,7 @@
 import java.util.Arrays;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.Set;
+import java.util.Map;
 import java.util.stream.Collectors;
 
 /**
@@ -40,10 +41,6 @@
 public class TokenValidator {
 
     protected static final Logger log = LoggerFactory.getLogger(TokenValidator.class);
-    // additional required claims apart from the required JWT claims
-    protected static final List<String> REQUIRED_CLAIMS = Arrays.asList(
-            JwtRadarToken.GRANT_TYPE_CLAIM, JwtRadarToken.SCOPE_CLAIM);
-
     private final ServerConfig config;
     private List<JWTVerifier> verifiers = new LinkedList<>();
     private final List<TokenValidationAlgorithm> algorithmList = Arrays.asList(
@@ -116,12 +113,15 @@ public RadarToken validateAccessToken(String token) throws TokenValidationExcept
         for (JWTVerifier verifier : getVerifiers()) {
             try {
                 DecodedJWT jwt = verifier.verify(token);
-                Set<String> claims = jwt.getClaims().keySet();
-                Set<String> missing = REQUIRED_CLAIMS.stream()
-                        .filter(c -> !claims.contains(c)).collect(Collectors.toSet());
-                if (!missing.isEmpty()) {
-                    throw new TokenValidationException("The following required claims were "
-                            + "missing from the token: " + String.join(", ", missing));
+
+                Map<String, Claim> claims = jwt.getClaims();
+
+                log.debug("JWT claims from token {} are {}", token, claims);
+
+                // check for scope claim
+                if (!claims.containsKey(JwtRadarToken.SCOPE_CLAIM)) {
+                    throw new TokenValidationException("The required claim "
+                            + JwtRadarToken.SCOPE_CLAIM + "is missing from the token");
                 }
                 return new JwtRadarToken(jwt);
             } catch (SignatureVerificationException sve) {
@@ -186,9 +186,10 @@ private List<JWTVerifier> loadVerifiers() throws TokenValidationException {
         }
 
         // Create a verifier for each signature verification algorithm we created
-        return algorithms.stream().map(alg -> JWT.require(alg)
-                .withAudience(config.getResourceName())
-                .build())
+        return algorithms.stream()
+                .map(alg -> JWT.require(alg)
+                        .withAudience(config.getResourceName())
+                        .build())
                 .collect(Collectors.toList());
     }
 

src/main/docker/management-portal.yml

@@ -1,7 +1,7 @@
 version: '2'
 services:
     managementportal-app:
-        image: radarcns/management-portal:0.4.0
+        image: radarcns/management-portal:0.4.1
         environment:
             - SPRING_PROFILES_ACTIVE=prod,swagger
             - SPRING_DATASOURCE_URL=jdbc:postgresql://managementportal-postgresql:5432/managementportal

src/main/java/org/radarcns/management/security/ClaimsTokenEnhancer.java

@@ -28,6 +28,8 @@
 
 public class ClaimsTokenEnhancer implements TokenEnhancer, InitializingBean {
 
+    private final Logger log = LoggerFactory.getLogger(ClaimsTokenEnhancer.class);
+
     @Autowired
     private SubjectRepository subjectRepository;
 
@@ -47,6 +49,7 @@ public class ClaimsTokenEnhancer implements TokenEnhancer, InitializingBean {
     @Override
     public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
             OAuth2Authentication authentication) {
+        log.debug("Enhancing token {} with authentication {}" , accessToken, authentication);
 
         Map<String, Object> additionalInfo = new HashMap<>();
 

src/main/java/org/radarcns/management/security/jwt/RadarJwtAccessTokenConverter.java

@@ -8,6 +8,7 @@
 import org.springframework.security.jwt.crypto.sign.RsaVerifier;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.util.Assert;
 
@@ -32,6 +33,17 @@ public class RadarJwtAccessTokenConverter extends JwtAccessTokenConverter {
 
     private Algorithm algorithm;
 
+    /**
+     * Default constructor.
+     * Creates {@link RadarJwtAccessTokenConverter} with {@link DefaultAccessTokenConverter} as
+     * the accessTokenConverter with explicitly including grant_type claim.
+     */
+    public RadarJwtAccessTokenConverter() {
+        DefaultAccessTokenConverter tokenConverter = new DefaultAccessTokenConverter();
+        tokenConverter.setIncludeGrantType(true);
+        setAccessTokenConverter(tokenConverter);
+    }
+
     @Override
     public void setKeyPair(KeyPair keyPair) {
         PrivateKey privateKey = keyPair.getPrivate();

src/main/java/org/radarcns/management/web/rest/OAuthClientsResource.java

@@ -67,6 +67,7 @@
 import static org.radarcns.auth.authorization.RadarAuthorization.checkPermission;
 import static org.radarcns.auth.authorization.RadarAuthorization.checkPermissionOnSubject;
 import static org.radarcns.management.security.SecurityUtils.getJWT;
+import static org.springframework.security.oauth2.common.util.OAuth2Utils.GRANT_TYPE;
 
 /**
  * Created by dverbeec on 5/09/2017.
@@ -276,6 +277,7 @@ public ResponseEntity<ClientPairInfoDTO> getRefreshToken(@RequestParam String lo
     private OAuth2AccessToken createToken(String clientId, String login,
             Set<GrantedAuthority> authorities, Set<String> scope, Set<String> resourceIds) {
         Map<String, String> requestParameters = new HashMap<>();
+        requestParameters.put(GRANT_TYPE , "authorization_code");
 
         Set<String> responseTypes = Collections.singleton("code");